PHPackages                             sseffa/zanzibar-php - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. sseffa/zanzibar-php

ActiveLibrary[Authentication &amp; Authorization](/categories/authentication)

sseffa/zanzibar-php
===================

Google Zanzibar-style authorization system for PHP

00PHP

Since Feb 8Pushed 3mo agoCompare

[ Source](https://github.com/sseffa/zanzibar-php)[ Packagist](https://packagist.org/packages/sseffa/zanzibar-php)[ RSS](/packages/sseffa-zanzibar-php/feed)WikiDiscussions main Synced 1mo ago

READMEChangelogDependenciesVersions (1)Used By (0)

Zanzibar PHP
============

[](#zanzibar-php)

Google Zanzibar-style authorization for PHP. Works with Laravel and Symfony.

Install
-------

[](#install)

```
composer require sseffa/zanzibar-php
```

Quick Start
-----------

[](#quick-start)

```
use Zanzibar\Zanzibar;
use Zanzibar\Config\NamespaceConfig;

$zanzibar = Zanzibar::create()
    ->withNamespace(
        NamespaceConfig::create('document')
            ->addRelation('owner')
            ->addRelationIncluding('editor', 'owner')
            ->addRelationIncluding('viewer', 'editor')
    )
    ->build();

// Grant permission
$zanzibar->allow('document:123', 'viewer', 'user:alice');

// Check permission
$zanzibar->can('document:123', 'viewer', 'user:alice'); // true

// Owner inherits editor and viewer
$zanzibar->allow('document:123', 'owner', 'user:bob');
$zanzibar->can('document:123', 'viewer', 'user:bob'); // true
```

Features
--------

[](#features)

- **Tuple-based model**: `(object, relation, subject)`
- **Relation inheritance**: owner -&gt; editor -&gt; viewer
- **Group permissions**: `group:team#member`
- **Wildcards**: `user:*` for public access
- **Exclusion**: subscriber AND NOT banned
- **Folder hierarchy**: inherit permissions from parent

Laravel
-------

[](#laravel)

Auto-discovered. Publish config:

```
php artisan vendor:publish --tag=zanzibar-config
```

```
// config/zanzibar.php
'namespaces' => [
    'document' => [
        'owner' => null,
        'editor' => 'owner',
        'viewer' => 'editor',
    ],
],
```

Usage:

```
use Zanzibar\Laravel\Facades\Zanzibar;

Zanzibar::allow('document:1', 'viewer', 'user:1');
Zanzibar::can('document:1', 'viewer', 'user:1');
```

Symfony
-------

[](#symfony)

Register bundle:

```
// config/bundles.php
Zanzibar\Symfony\ZanzibarBundle::class => ['all' => true],
```

```
# config/packages/zanzibar.yaml
zanzibar:
    secret: '%env(APP_SECRET)%'
    namespaces:
        document:
            owner: ~
            editor: owner
            viewer: editor
```

Advanced
--------

[](#advanced)

### Group-based access

[](#group-based-access)

```
use Zanzibar\Core\SubjectRef;

$zanzibar->allow('group:team', 'member', 'user:alice');
$zanzibar->allow('document:1', 'viewer', SubjectRef::userset('group', 'team', 'member'));

$zanzibar->can('document:1', 'viewer', 'user:alice'); // true
```

### Wildcard (public)

[](#wildcard-public)

```
$zanzibar->allow('video:1', 'viewer', SubjectRef::wildcard('user'));
$zanzibar->can('video:1', 'viewer', 'user:anyone'); // true
```

### Exclusion (banned users)

[](#exclusion-banned-users)

```
use Zanzibar\Config\Rewrite\{ComputedUserset, ExclusionUserset};

NamespaceConfig::create('channel')
    ->addRelation('subscriber')
    ->addRelation('banned')
    ->addRelationWithRewrite('can_view', new ExclusionUserset(
        base: new ComputedUserset('subscriber'),
        subtract: new ComputedUserset('banned'),
    ));
```

### Folder hierarchy

[](#folder-hierarchy)

```
use Zanzibar\Config\Rewrite\{DirectUserset, ComputedUserset, TupleToUserset, UnionUserset};

NamespaceConfig::create('folder')
    ->addRelation('parent')
    ->addRelationWithRewrite('viewer', new UnionUserset([
        new DirectUserset(),
        new TupleToUserset('parent', 'viewer'),
    ]));

$zanzibar->allow('folder:root', 'viewer', 'user:alice');
$zanzibar->allow('folder:child', 'parent', 'folder:root');
$zanzibar->can('folder:child', 'viewer', 'user:alice'); // true
```

Test
----

[](#test)

```
composer test
```

License
-------

[](#license)

MIT

###  Health Score

18

—

LowBetter than 8% of packages

Maintenance55

Moderate activity, may be stable

Popularity0

Limited adoption so far

Community6

Small or concentrated contributor base

Maturity12

Early-stage or recently created project

 Bus Factor1

Top contributor holds 100% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

### Community

Maintainers

![](https://www.gravatar.com/avatar/061ddb986b4465a770e939973cb40cc8d399c679f9c2c4d3c7ba4846c722e4c4?d=identicon)[sseffa](/maintainers/sseffa)

---

Top Contributors

[![sseffa](https://avatars.githubusercontent.com/u/2960378?v=4)](https://github.com/sseffa "sseffa (3 commits)")

### Embed Badge

![Health badge](/badges/sseffa-zanzibar-php/health.svg)

```
[![Health](https://phpackages.com/badges/sseffa-zanzibar-php/health.svg)](https://phpackages.com/packages/sseffa-zanzibar-php)
```

###  Alternatives

[namshi/jose

JSON Object Signing and Encryption library for PHP.

1.8k99.6M101](/packages/namshi-jose)[league/oauth1-client

OAuth 1.0 Client Library

99698.8M106](/packages/league-oauth1-client)[bezhansalleh/filament-shield

Filament support for `spatie/laravel-permission`.

2.8k2.9M88](/packages/bezhansalleh-filament-shield)[gesdinet/jwt-refresh-token-bundle

Implements a refresh token system over Json Web Tokens in Symfony

70516.4M35](/packages/gesdinet-jwt-refresh-token-bundle)[league/oauth2-google

Google OAuth 2.0 Client Provider for The PHP League OAuth2-Client

41721.2M118](/packages/league-oauth2-google)[illuminate/auth

The Illuminate Auth package.

9327.3M1.0k](/packages/illuminate-auth)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)